WordPress 2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.

If your blog has any untrusted authors among its users, you must upgrade your WordPress installation to the latest version. WordPress 2.9 is expected to be released by the end of this month or in early December 2009.

We strongly recommend that every WordPress user upgrade to the latest version. WordPress is now a popular blogging platform and very much secured. The WordPress team is working really hard to address security issues, and that’s why you are seeing two updates in the last two months.

Sanjeev Mishra is a professional blogger and an Internet Marketing Consultant based in India. He built Internet Techies to provide you with updates in the technology and web application area.

Hi Keith,
Yes, 2.8.6 is out now, and this is a security update which really came as an emergency update as well. WordPress always keeps track of its updates through its tracker, where nothing was scheduled as 2.8.6, but since some folks reported issues with the multi-author thing, the WordPress team started working on it on high priority and released this update in a hurry. Hope not to get more updates in the 2.8 series and to get 2.9 as the next release (condition: none of the high priority issues reported in between).

Hi Yohan,
This is not related to plugins. Actually, every installation of WordPress has its own update cycle of 12 hours. Your installation has a slightly late update cycle, in which the WordPress installation gets its update notification from its SVN server. This update process repeats after 12 hours, but the time is set differently for each installation. That’s why your dashboard notifies you a bit late, which is nothing but a result of the late cycle time of your installation.

The same is the case with update notifications for plugins in WordPress. I really appreciate your efforts on virtualpreacher.